[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-35776/asterisk

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bfa70cc4 by Salvatore Bonaccorso at 2021-02-20T07:58:22+01:00
Add Debian bug reference for CVE-2020-35776/asterisk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14368,7 +14368,7 @@ CVE-2020-35778 (Certain NETGEAR devices are affected by 
CSRF. This affects GS716
 CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by 
command inj ...)
NOT-FOR-US: Netgear
 CVE-2020-35776 (A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk 
version ...)
-   - asterisk 
+   - asterisk  (bug #983158)
NOTE: https://downloads.asterisk.org/pub/security/AST-2021-001.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29227
 CVE-2020-35775 (CITSmart before 9.1.2.23 allows LDAP Injection. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfa70cc48d71cc79f0ad0fb1980322ced559f0ac

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-26906/asterisk

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1bbc1ba5 by Salvatore Bonaccorso at 2021-02-20T07:57:54+01:00
Add Debian bug reference for CVE-2021-26906/asterisk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1320,7 +1320,7 @@ CVE-2021-26908
 CVE-2021-26907
RESERVED
 CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium 
Asterisk thro ...)
-   - asterisk 
+   - asterisk  (bug #983159)
NOTE: https://downloads.asterisk.org/pub/security/AST-2021-005.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29196
 CVE-2021-3402



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bbc1ba555e9ba8f219edaf172cebb51a832124d


[Git][security-tracker-team/security-tracker][master] Add reference for CVE-2021-26906

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
982b2e3c by Salvatore Bonaccorso at 2021-02-20T07:57:20+01:00
Add reference for CVE-2021-26906

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1322,6 +1322,7 @@ CVE-2021-26907
 CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium 
Asterisk thro ...)
- asterisk 
NOTE: https://downloads.asterisk.org/pub/security/AST-2021-005.html
+   NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29196
 CVE-2021-3402
RESERVED
- yara 4.0.4-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/982b2e3c21e00465485d2ad06d24a73c2b967d7c


[Git][security-tracker-team/security-tracker][master] Add CVE-2021-26713/asterisk

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
99d5565e by Salvatore Bonaccorso at 2021-02-20T07:38:51+01:00
Add CVE-2021-26713/asterisk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1754,6 +1754,8 @@ CVE-2021-26714
RESERVED
 CVE-2021-26713
RESERVED
+   - asterisk  (Only affects 16.16.0 onwards)
+   NOTE: https://downloads.asterisk.org/pub/security/AST-2021-004.html
 CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 
13.38.1, 1 ...)
- asterisk  (Only affects 16.16)
NOTE: https://downloads.asterisk.org/pub/security/AST-2021-003.html
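
Review bot: CVE-2021-26713 is still RESERVED with no description, so after this change the entry tells a reader only that asterisk is affected and links one advisory. Consider adding a short bracketed title on the CVE line, in the form used elsewhere in this file (for example "CVE-2020-27827 [lldp: avoid memory leak from bad packets]"), so the entry is understandable without following the link. The scope annotation "(Only affects 16.16.0 onwards)" is also worded differently from "(Only affects 16.16)" on the neighbouring CVE-2021-26712 line; if both mean the same range, use one form.
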



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99d5565ecb612f31e23d58c55c7a831711335f3f


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-26717/asterisk

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a786e4fa by Salvatore Bonaccorso at 2021-02-20T07:37:23+01:00
Add Debian bug reference for CVE-2021-26717/asterisk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1743,7 +1743,7 @@ CVE-2021-26719 (A directory traversal issue was 
discovered in Gradle gradle-ente
 CVE-2021-26718
RESERVED
 CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 
16.16.1, 17.x  ...)
-   - asterisk 
+   - asterisk  (bug #983157)
[buster] - asterisk  (Introduced in 16.15.0)
NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html
 CVE-2021-26716



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a786e4fa9648abbad2280b04f9d580d62ff6d96e


[Git][security-tracker-team/security-tracker][master] Add CVE-2020-35776/asterisk

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dda520d6 by Salvatore Bonaccorso at 2021-02-20T07:35:14+01:00
Add CVE-2020-35776/asterisk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14365,7 +14365,9 @@ CVE-2020-35778 (Certain NETGEAR devices are affected by 
CSRF. This affects GS716
 CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by 
command inj ...)
NOT-FOR-US: Netgear
 CVE-2020-35776 (A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk 
version ...)
-   TODO: check
+   - asterisk 
+   NOTE: https://downloads.asterisk.org/pub/security/AST-2021-001.html
+   NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29227
 CVE-2020-35775 (CITSmart before 9.1.2.23 allows LDAP Injection. ...)
NOT-FOR-US: CITSmart
 CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter 
TwitterServer (a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dda520d6037767a04d55e0f4d760afe770c2831f


[Git][security-tracker-team/security-tracker][master] Adjust advisory URL for CVE-2021-26712

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c38743df by Salvatore Bonaccorso at 2021-02-20T07:33:14+01:00
Adjust advisory URL for CVE-2021-26712

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1756,7 +1756,7 @@ CVE-2021-26713
RESERVED
 CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 
13.38.1, 1 ...)
- asterisk  (Only affects 16.16)
-   NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html
+   NOTE: https://downloads.asterisk.org/pub/security/AST-2021-003.html
 CVE-2021-26711 (A frame-injection issue in the online help in Redwood 
Report2Web 4.3.4 ...)
NOT-FOR-US: Redwood Report2Web
 CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in 
Redwood Repor ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c38743dff037637eafeacb4246d7343357b25f4c


[Git][security-tracker-team/security-tracker][master] chromium dsa

2021-02-19 Thread Michael Gilbert


Michael Gilbert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7ccc58e0 by Michael Gilbert at 2021-02-20T02:25:17+00:00
chromium dsa

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[19 Feb 2021] DSA-4858-1 chromium - security update
+   {CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 
CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156 
CVE-2021-21157}
+   [buster] - chromium 88.0.4324.182-1~deb10u1
 [18 Feb 2021] DSA-4857-1 bind9 - security update
{CVE-2020-8625}
[buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u3


=
data/dsa-needed.txt
=
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source 
package.
 
---
-chromium
 --
 knot-resolver
   Santiago Ruano Rincón proposed a debdiff for review



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ccc58e08bbf9cc6d1caf62abb9f3caff408d2d8


[Git][security-tracker-team/security-tracker][master] new u-boot, asterisk issues

2021-02-19 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e48f4435 by Moritz Muehlenhoff at 2021-02-19T23:07:42+01:00
new u-boot, asterisk issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -213,15 +213,15 @@ CVE-2021-27401
 CVE-2021-27400
RESERVED
 CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has 
one out ...)
-   TODO: check
+   - owncloud 
 CVE-2020-36251 (ownCloud Server before 10.3.0 allows an attacker, who has 
received non ...)
-   TODO: check
+   - owncloud 
 CVE-2020-36250 (In the ownCloud application before 2.15 for Android, the lock 
protecti ...)
-   TODO: check
+   NOT-FOR-US: ownCloud app for Android
 CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud Server does not 
properly e ...)
-   TODO: check
+   NOT-FOR-US: ownCloud addon
 CVE-2020-36248 (The ownCloud application before 2.15 for Android allows 
attackers to u ...)
-   TODO: check
+   NOT-FOR-US: ownCloud app for Android
 CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows 
CSRF. ...)
NOT-FOR-US: Open OnDemand
 CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain 
root privil ...)
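
Review bot: CVE-2020-36252 and CVE-2020-36251 are assigned to owncloud without any NOTE line, while the u-boot and asterisk entries triaged later in this same patch each carry at least one reference URL. Add a NOTE with the upstream advisory or fix for both, so the next person checking fixed versions does not have to redo the lookup. The commit subject also mentions only u-boot, asterisk and NFUs; the owncloud triage is worth naming there.
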
@@ -792,7 +792,11 @@ CVE-2021-27140 (An issue was discovered on FiberHome 
HG6245D devices through RP2
 CVE-2021-27139 (An issue was discovered on FiberHome HG6245D devices through 
RP2613. I ...)
NOT-FOR-US: FiberHome devices
 CVE-2021-27138 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles 
use of uni ...)
-   TODO: check
+   - u-boot 
+   [buster] - u-boot  (Minor issue)
+   NOTE: 
https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917
+   NOTE: 
https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
+   NOTE: 
https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
 CVE-2021-27137
RESERVED
 CVE-2021-27136
@@ -880,7 +884,11 @@ CVE-2021-27099
 CVE-2021-27098
RESERVED
 CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a 
modified ...)
-   TODO: check
+   - u-boot 
+   [buster] - u-boot  (Minor issue)
+   NOTE: 
https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01
+   NOTE: 
https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b
+   NOTE: 
https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
 CVE-2021-27096
RESERVED
 CVE-2021-27095
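
Review bot: the third NOTE under CVE-2021-27097, commit b6f4c757959f8850e1299a77c8e5713da78e8ec0, is the same commit listed as the third NOTE under CVE-2021-27138 in the previous hunk. If one upstream commit is part of both fixes, say so in the NOTE text; otherwise one of the two entries has a pasted URL that should be replaced. Labelling each of the three commits with what it changes would also help anyone backporting to buster, which is marked "(Minor issue)" here without a stated reason.
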
@@ -1312,7 +1320,8 @@ CVE-2021-26908
 CVE-2021-26907
RESERVED
 CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium 
Asterisk thro ...)
-   TODO: check
+   - asterisk 
+   NOTE: https://downloads.asterisk.org/pub/security/AST-2021-005.html
 CVE-2021-3402
RESERVED
- yara 4.0.4-1
@@ -1672,7 +1681,7 @@ CVE-2021-26748
 CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow 
Shell Metach ...)
NOT-FOR-US: Netis devices
 CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a 
main/calendar/agenda_list.php?type= U ...)
-   TODO: check
+   NOT-FOR-US: Chamilo
 CVE-2021-26745
RESERVED
 CVE-2021-26744
@@ -1734,7 +1743,9 @@ CVE-2021-26719 (A directory traversal issue was 
discovered in Gradle gradle-ente
 CVE-2021-26718
RESERVED
 CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 
16.16.1, 17.x  ...)
-   TODO: check
+   - asterisk 
+   [buster] - asterisk  (Introduced in 16.15.0)
+   NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html
 CVE-2021-26716
RESERVED
 CVE-2021-26715
@@ -1744,7 +1755,8 @@ CVE-2021-26714
 CVE-2021-26713
RESERVED
 CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 
13.38.1, 1 ...)
-   TODO: check
+   - asterisk  (Only affects 16.16)
+   NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html
 CVE-2021-26711 (A frame-injection issue in the online help in Redwood 
Report2Web 4.3.4 ...)
NOT-FOR-US: Redwood Report2Web
 CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in 
Redwood Repor ...)
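
Review bot: the NOTE added under CVE-2021-26712 points to AST-2021-002.html, which is the same advisory URL this patch adds under CVE-2021-26717 in the previous hunk. The two entries describe different issues (res_srtp.c access controls versus an issue introduced in 16.15.0), so one of the links looks copied; check which advisory covers CVE-2021-26712 and give it its own URL. A separate commit on this page, "Adjust advisory URL for CVE-2021-26712", changes this line to AST-2021-003.html.
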



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e48f44356a7105bacca6394b393039eb5118dcbd


[Git][security-tracker-team/security-tracker][master] 4 commits: add note for CVE-2018-17206 in branch-2.6 of openvswitch

2021-02-19 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a82c5281 by Thorsten Alteholz at 2021-02-19T23:01:15+01:00
add note for CVE-2018-17206 in branch-2.6 of openvswitch

- - - - -
b09e8ff8 by Thorsten Alteholz at 2021-02-19T23:01:16+01:00
add note for CVE-2018-17204 in branch-2.6 of openvswitch

- - - - -
875f7684 by Thorsten Alteholz at 2021-02-19T23:01:17+01:00
uploading new point release in Stretch fixes some CVEs

- - - - -
25c770d7 by Thorsten Alteholz at 2021-02-19T23:02:58+01:00
Reserve DLA-2571-1 for openvswitch

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -28062,7 +28062,6 @@ CVE-2020-27827 [lldp: avoid memory leak from bad 
packets]
[buster] - lldpd  (Minor issue)
[stretch] - lldpd  (Minor issue)
- openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-4 (bug #980132)
-   [stretch] - openvswitch  (Minor issue)
NOTE: https://github.com/openvswitch/ovs/pull/337
NOTE: 
https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
NOTE: 
https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html
@@ -160285,11 +160284,11 @@ CVE-2018-17207 (An issue was discovered in Snap 
Creek Duplicator before 1.2.42.
NOT-FOR-US: Snap Creek Duplicator
 CVE-2018-17206 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 
2.7.6. The ...)
- openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
-   [stretch] - openvswitch  (Minor issue)
[jessie] - openvswitch  (Vulnerable code does not exist; 
no such function)
NOTE: 
https://github.com/openvswitch/ovs/commit/5026a263d7846077eee540de42192d27da513226
 (master)
NOTE: 
https://github.com/openvswitch/ovs/commit/20626d38c1a1d4cebb5a6911ea3cb6a7f4f993f8
 (branch-2.8)
NOTE: 
https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8
 (branch-2.7)
+   NOTE: 
https://github.com/openvswitch/ovs/commit/ee47d61ba1c97cf67a68f0191dec1f93bfafc0a0
 (branch-2.6)
 CVE-2018-17205 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 
2.7.6, aff ...)
- openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
[stretch] - openvswitch  (Vulnerable code introduced 
later)
@@ -160299,11 +160298,11 @@ CVE-2018-17205 (An issue was discovered in Open 
vSwitch (OvS) 2.7.x through 2.7.
NOTE: 
https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6
 (branch-2.7)
 CVE-2018-17204 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 
2.7.6, aff ...)
- openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
-   [stretch] - openvswitch  (Minor issue)
[jessie] - openvswitch  (Vulnerable code does not exist; 
no such function)
NOTE: 
https://github.com/openvswitch/ovs/commit/9740d81d94888cb158fa99a9366fe2b32b3e4aaa
 (master)
NOTE: 
https://github.com/openvswitch/ovs/commit/8976ea1d680ab7a2d726a50e5666aa8fefd24168
 (branch-2.8)
NOTE: 
https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde
 (branch-2.7)
+   NOTE: 
https://github.com/openvswitch/ovs/commit/fbe37f3ccc819a044a500fb5da13d3e53596c2a7
 (branch-2.6)
NOTE: ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
 CVE-2018-17203
REJECTED
@@ -232834,7 +232833,6 @@ CVE-2017-9215
 CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an 
OFPT_QUEUE_GET_CONFIG_RE ...)
[experimental] - openvswitch 2.8.1+dfsg1-1
- openvswitch 2.8.1+dfsg1-2 (bug #863228)
-   [stretch] - openvswitch  (Minor issue)
[jessie] - openvswitch  (Vulnerable code not present)
[wheezy] - openvswitch  (Vulnerable code not present)
NOTE: 
https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html
@@ -292977,7 +292975,6 @@ CVE-2015-8011 (Buffer overflow in the lldp_decode 
function in daemon/protocols/l
[wheezy] - lldpd  (Vulnerable code not present)
[squeeze] - lldpd  (Vulnerable code not present)
- openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-1
-   [stretch] - openvswitch  (Minor issue)
NOTE: 
https://github.com/lldpd/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
NOTE: https://www.openwall.com/lists/oss-security/2015/10/16/2
NOTE: 
https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000268.html


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[19 Feb 2021] DLA-2571-1 openvswitch - security update
+   {CVE-2015-8011 CVE-2017-9214 CVE-2018-17204 CVE-2018-17206 
CVE-2020-27827 CVE-2020-35498}
+   [stretch] - openvswitch 2.6.10-0+deb9u1
 [20 Feb 2021] DLA-2570-1 screen - security update
{CVE-2021-26937}
[stretch] - screen 4.5.0-6+deb9u1
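
Review bot: DLA-2571-1 lists CVE-2020-35498, but none of the data/CVE/list hunks shown in this push touches a CVE-2020-35498 entry, whereas the other five CVEs in the list each have their "[stretch] - openvswitch (Minor issue)" line removed. Check whether CVE-2020-35498 carries a stretch-specific line that also has to go, so the tracker does not keep stretch marked as unfixed after 2.6.10-0+deb9u1. The new entry is also dated 19 Feb 2021 but sits above DLA-2570-1, which is dated 20 Feb 2021; confirm the date is the intended one.
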



[Git][security-tracker-team/security-tracker][master] python3.7 spu

2021-02-19 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4dd2890 by Moritz Mühlenhoff at 2021-02-19T22:35:23+01:00
python3.7 spu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -44,3 +44,7 @@ CVE-2020-5208
[buster] - ipmitool 1.8.18-6+deb10u1
 CVE-2021-21289
[buster] - ruby-mechanize 2.7.6-1+deb10u1
+CVE-2020-26116
+   [buster] - python3.7 3.7.3-2+deb10u3
+CVE-2021-3177
+   [buster] - python3.7 3.7.3-2+deb10u3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4dd28903f5e9a1a697ad08621e093c1123b9519


[Git][security-tracker-team/security-tracker][master] Process NFU

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4124e9ed by Salvatore Bonaccorso at 2021-02-19T21:18:08+01:00
Process NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13323,7 +13323,7 @@ CVE-2021-21514
 CVE-2021-21513
RESERVED
 CVE-2021-21512 (Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, 
contains an In ...)
-   TODO: check
+   NOT-FOR-US: EMC
 CVE-2021-21511 (Dell EMC Avamar Server, versions 19.3 and 19.4 contain an 
Improper Aut ...)
NOT-FOR-US: EMC Avamar Server
 CVE-2021-21510
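
Review bot: "NOT-FOR-US: EMC" on CVE-2021-21512 names only the vendor, while the adjacent CVE-2021-21511 entry uses "NOT-FOR-US: EMC Avamar Server". Use the product from the description, for example "NOT-FOR-US: Dell EMC PowerProtect Cyber Recovery", so that a search of the list for the product finds the entry and the tag cannot be read as covering every EMC product.
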



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4124e9ed30208b0db28bda8b4b2fb48c31a94db4


[Git][security-tracker-team/security-tracker][master] automatic update

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bb649141 by security tracker role at 2021-02-19T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,205 @@
+CVE-2021-27506
+   RESERVED
+CVE-2021-27505
+   RESERVED
+CVE-2021-27504
+   RESERVED
+CVE-2021-27503
+   RESERVED
+CVE-2021-27502
+   RESERVED
+CVE-2021-27501
+   RESERVED
+CVE-2021-27500
+   RESERVED
+CVE-2021-27499
+   RESERVED
+CVE-2021-27498
+   RESERVED
+CVE-2021-27497
+   RESERVED
+CVE-2021-27496
+   RESERVED
+CVE-2021-27495
+   RESERVED
+CVE-2021-27494
+   RESERVED
+CVE-2021-27493
+   RESERVED
+CVE-2021-27492
+   RESERVED
+CVE-2021-27491
+   RESERVED
+CVE-2021-27490
+   RESERVED
+CVE-2021-27489
+   RESERVED
+CVE-2021-27488
+   RESERVED
+CVE-2021-27487
+   RESERVED
+CVE-2021-27486
+   RESERVED
+CVE-2021-27485
+   RESERVED
+CVE-2021-27484
+   RESERVED
+CVE-2021-27483
+   RESERVED
+CVE-2021-27482
+   RESERVED
+CVE-2021-27481
+   RESERVED
+CVE-2021-27480
+   RESERVED
+CVE-2021-27479
+   RESERVED
+CVE-2021-27478
+   RESERVED
+CVE-2021-27477
+   RESERVED
+CVE-2021-27476
+   RESERVED
+CVE-2021-27475
+   RESERVED
+CVE-2021-27474
+   RESERVED
+CVE-2021-27473
+   RESERVED
+CVE-2021-27472
+   RESERVED
+CVE-2021-27471
+   RESERVED
+CVE-2021-27470
+   RESERVED
+CVE-2021-27469
+   RESERVED
+CVE-2021-27468
+   RESERVED
+CVE-2021-27467
+   RESERVED
+CVE-2021-27466
+   RESERVED
+CVE-2021-27465
+   RESERVED
+CVE-2021-27464
+   RESERVED
+CVE-2021-27463
+   RESERVED
+CVE-2021-27462
+   RESERVED
+CVE-2021-27461
+   RESERVED
+CVE-2021-27460
+   RESERVED
+CVE-2021-27459
+   RESERVED
+CVE-2021-27458
+   RESERVED
+CVE-2021-27457
+   RESERVED
+CVE-2021-27456
+   RESERVED
+CVE-2021-27455
+   RESERVED
+CVE-2021-27454
+   RESERVED
+CVE-2021-27453
+   RESERVED
+CVE-2021-27452
+   RESERVED
+CVE-2021-27451
+   RESERVED
+CVE-2021-27450
+   RESERVED
+CVE-2021-27449
+   RESERVED
+CVE-2021-27448
+   RESERVED
+CVE-2021-27447
+   RESERVED
+CVE-2021-27446
+   RESERVED
+CVE-2021-27445
+   RESERVED
+CVE-2021-27444
+   RESERVED
+CVE-2021-27443
+   RESERVED
+CVE-2021-27442
+   RESERVED
+CVE-2021-27441
+   RESERVED
+CVE-2021-27440
+   RESERVED
+CVE-2021-27439
+   RESERVED
+CVE-2021-27438
+   RESERVED
+CVE-2021-27437
+   RESERVED
+CVE-2021-27436
+   RESERVED
+CVE-2021-27435
+   RESERVED
+CVE-2021-27434
+   RESERVED
+CVE-2021-27433
+   RESERVED
+CVE-2021-27432
+   RESERVED
+CVE-2021-27431
+   RESERVED
+CVE-2021-27430
+   RESERVED
+CVE-2021-27429
+   RESERVED
+CVE-2021-27428
+   RESERVED
+CVE-2021-27427
+   RESERVED
+CVE-2021-27426
+   RESERVED
+CVE-2021-27425
+   RESERVED
+CVE-2021-27424
+   RESERVED
+CVE-2021-27423
+   RESERVED
+CVE-2021-27422
+   RESERVED
+CVE-2021-27421
+   RESERVED
+CVE-2021-27420
+   RESERVED
+CVE-2021-27419
+   RESERVED
+CVE-2021-27418
+   RESERVED
+CVE-2021-27417
+   RESERVED
+CVE-2021-27416
+   RESERVED
+CVE-2021-27415
+   RESERVED
+CVE-2021-27414
+   RESERVED
+CVE-2021-27413
+   RESERVED
+CVE-2021-27412
+   RESERVED
+CVE-2021-27411
+   RESERVED
+CVE-2021-27410
+   RESERVED
+CVE-2021-27409
+   RESERVED
+CVE-2021-27408
+   RESERVED
+CVE-2021-27407
+   RESERVED
+CVE-2021-27406
+   RESERVED
 CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found 
in the @ ...)
TODO: check
 CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices 
allow injec ...)
@@ -141,8 +343,8 @@ CVE-2021-27353
RESERVED
 CVE-2021-27352
RESERVED
-CVE-2021-27351
-   RESERVED
+CVE-2021-27351 (The Terminate Session feature in the Telegram application 
through 7.2. ...)
+   TODO: check
 CVE-2021-27350
RESERVED
 CVE-2021-27349
@@ -187,8 +389,8 @@ CVE-2021-27330
RESERVED
 CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS 
lookups or ...)
NOT-FOR-US: Friendica
-CVE-2021-27328
-   RESERVED
+CVE-2021-27328 (Yeastar NeoGate TG400 91.3.0.3 devices are affected by 
Directory Trave ...)
+   TODO: check
 CVE-2021-27327
RESERVED
 CVE-2021-27326
@@ -414,8 +616,8 @@ CVE-2021-27216
RESERVED
 CVE-2021-27215
RESERVED
-CVE-2021-27214
-   RESERVED
+CVE-2021-27214 (A Server-side request forgery (SSRF) vulnerability in the 
ProductConfi ...)
+   TODO: check
 CVE-2021-27213 (config.py in pystemon before 2021-02-13 allows code execution 
via YAML ...)
NOT-FOR-US: pystemon
 CVE-2019-25019 (LimeSurvey before 4.0.0-RC4 allows SQL injection via the 
participant m ...)
@@ 

[Git][security-tracker-team/security-tracker][master] Track proposed update for CVE-2021-21289 via buster-pu

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b45b3d3c by Salvatore Bonaccorso at 2021-02-19T21:02:56+01:00
Track proposed update for CVE-2021-21289 via buster-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -42,3 +42,5 @@ CVE-2021-27135
[buster] - xterm 344-1+deb10u1
 CVE-2020-5208
[buster] - ipmitool 1.8.18-6+deb10u1
+CVE-2021-21289
+   [buster] - ruby-mechanize 2.7.6-1+deb10u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b45b3d3ce7ff073e0d8d43ca2bbf32514f00f16d


[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-3402/yara

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5c0c2653 by Salvatore Bonaccorso at 2021-02-19T20:44:08+01:00
Track fixed version for CVE-2021-3402/yara

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1112,7 +1112,7 @@ CVE-2021-26906 (An issue was discovered in 
res_pjsip_session.c in Digium Asteris
TODO: check
 CVE-2021-3402
RESERVED
-   - yara 
+   - yara 4.0.4-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/2
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/
 CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of 
authentica ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c0c265309cb819a825b70b13b0fc6127a01f023


[Git][security-tracker-team/security-tracker][master] Track proposed update for ipmitool via buster-pu

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
34937ad2 by Salvatore Bonaccorso at 2021-02-19T20:36:47+01:00
Track proposed update for ipmitool via buster-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -40,3 +40,5 @@ CVE-2020-35176
[buster] - awstats 7.6+dfsg-2+deb10u1
 CVE-2021-27135
[buster] - xterm 344-1+deb10u1
+CVE-2020-5208
+   [buster] - ipmitool 1.8.18-6+deb10u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34937ad2ce8a5cd3e4324ced86db7eee9a27fd03


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2570-1 for screen

2021-02-19 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4d3497bf by Utkarsh Gupta at 2021-02-20T00:01:33+05:30
Reserve DLA-2570-1 for screen

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[20 Feb 2021] DLA-2570-1 screen - security update
+   {CVE-2021-26937}
+   [stretch] - screen 4.5.0-6+deb9u1
 [19 Feb 2021] DLA-2569-1 python-django - security update
{CVE-2021-23336}
[stretch] - python-django 1:1.10.7-2+deb9u11
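
Review bot: The date on the first added line, [20 Feb 2021], follows the committer's local clock: the commit is stamped 2021-02-20T00:01:33+05:30, which is still 19 Feb in UTC, and the entry sits directly above a [19 Feb 2021] one. Confirm the date matches the day the DLA-2570-1 announcement is actually sent, so the list and the advisory agree.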


=
data/dla-needed.txt
=
@@ -112,10 +112,6 @@ ruby-kaminari
   NOTE: 20201009: This (↑) is an app-level patch for a rails app. A 
library-level patch
   NOTE: 20201009: will needed to be written. Opened an issue at upstream, 
though somewhat inactive. (utkarsh)
 --
-screen (Utkarsh)
-  NOTE: 20210210: got CVE assigned and discussed on the list;
-  NOTE: 20210210: cf: 
https://lists.debian.org/debian-lts/2021/02/msg00029.html (utkarsh)
---
 shiro (Roberto C. Sánchez)
   NOTE: 20200920: WIP
   NOTE: 20200928: Still awaiting reponse to request for assistance sent to 
upstream dev list. (roberto)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d3497bfaa46454ddd71d3d2ec275788a70f2f5e


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2569-1 for python-django

2021-02-19 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d135f66 by Chris Lamb at 2021-02-19T16:19:24+00:00
Reserve DLA-2569-1 for python-django

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[19 Feb 2021] DLA-2569-1 python-django - security update
+   {CVE-2021-23336}
+   [stretch] - python-django 1:1.10.7-2+deb9u11
 [19 Feb 2021] DLA-2568-1 bind9 - security update
{CVE-2020-8625}
[stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u8


=
data/dla-needed.txt
=
@@ -81,8 +81,6 @@ openvswitch (Thorsten Alteholz)
 --
 php-pear
 --
-python-django (Chris Lamb)
---
 python-pysaml2 (Abhijith PA)
 --
 python3.5



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d135f660fd0910807675ad54b32bb783747598e


[Git][security-tracker-team/security-tracker][master] new yara issue, NFUs (concludes external check)

2021-02-19 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c7f6efef by Moritz Muehlenhoff at 2021-02-19T16:52:56+01:00
new yara issue, NFUs (concludes external check)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -36,8 +36,10 @@ CVE-2019-25020
RESERVED
 CVE-2021-3413
RESERVED
+   NOT-FOR-US: Red Hat Satellite
 CVE-2021-3412
RESERVED
+   NOT-FOR-US: Red Hat 3scale API Management
 CVE-2021-27399
RESERVED
 CVE-2021-27398
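
Review bot: Both NOT-FOR-US lines are attached to entries that are still RESERVED and carry no description, so the product attribution (Red Hat Satellite for CVE-2021-3413, Red Hat 3scale API Management for CVE-2021-3412) cannot be verified from the file. Since NOT-FOR-US takes the CVE out of further Debian triage, name the source of the attribution in the commit message; "concludes external check" does not say what was checked.
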
@@ -1110,6 +1112,9 @@ CVE-2021-26906 (An issue was discovered in 
res_pjsip_session.c in Digium Asteris
TODO: check
 CVE-2021-3402
RESERVED
+   - yara 
+   NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/2
+   NOTE: https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/
 CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of 
authentica ...)
NOT-FOR-US: 1Password SCIM Bridge
 CVE-2021-26904
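
Review bot: The added "- yara" line for CVE-2021-3402 carries no Debian bug reference and no per-release lines, and the CVE is still RESERVED, so the two NOTE URLs are the only description a reader gets. Add a one-line NOTE summarising the issue and the fixing upstream commit or release once known, plus a bug number if one is filed.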



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7f6efefec9383f9f8ea5a0e6ce3f40224012680


[Git][security-tracker-team/security-tracker][master] new jackson-dataformat-cbor, node-prismjs, python-reportlab issues

2021-02-19 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
676b349e by Moritz Muehlenhoff at 2021-02-19T16:34:03+01:00
new jackson-dataformat-cbor, node-prismjs, python-reportlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9256,7 +9256,10 @@ CVE-2021-23343
 CVE-2021-23342
RESERVED
 CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular 
Expression ...)
-   TODO: check
+   - node-prismjs 
+   NOTE: 
https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609
+   NOTE: https://github.com/PrismJS/prism/pull/2584
+   NOTE: https://github.com/PrismJS/prism/issues/2583
 CVE-2021-23340 (This affects the package pimcore/pimcore before 6.8.8. A Local 
FIle In ...)
TODO: check
 CVE-2021-23339 (This affects all versions of package 
com.typesafe.akka:akka-http-core. ...)
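
Review bot: The CVE-2021-23341 description says prismjs is affected before 1.23.0, but the added node-prismjs entry records only the upstream commit, pull request and issue. A NOTE stating the first fixed upstream release would let later triage compare packaged versions without opening the links.
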
@@ -17197,6 +17200,7 @@ CVE-2021-20253
RESERVED
 CVE-2021-20252
RESERVED
+   NOT-FOR-US: Red Hat 3scale API Management
 CVE-2021-20251
RESERVED
 CVE-2021-20250
@@ -24613,9 +24617,11 @@ CVE-2020-28493 (This affects the package jinja2 from 
0.0.0 and before 2.11.3. Th
 CVE-2020-28492
REJECTED
 CVE-2020-28491 (This affects the package 
com.fasterxml.jackson.dataformat:jackson-data ...)
-   TODO: check
+   - jackson-dataformat-cbor 
+   NOTE: 
https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6
+   NOTE: https://github.com/FasterXML/jackson-dataformats-binary/issues/186
 CVE-2020-28490 (The package async-git before 1.13.2 are vulnerable to Command 
Injectio ...)
-   TODO: check
+   NOT-FOR-US: Node async-git
 CVE-2020-28489
RESERVED
 CVE-2020-28488
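
Review bot: The package mapping for CVE-2020-28491 rests on a description truncated at "jackson-data ...", and the referenced upstream repository is jackson-dataformats-binary, whose name covers more than CBOR. Confirm that jackson-dataformat-cbor is the only Debian source package carrying the affected module, and say so in a NOTE.
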
@@ -24676,7 +24682,9 @@ CVE-2020-28465
 CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the 
schema f ...)
NOT-FOR-US: Node djv
 CVE-2020-28463 (All versions of package reportlab are vulnerable to 
Server-side Reques ...)
-   TODO: check
+   - python-reportlab 
+   [buster] - python-reportlab  (Minor issue)
+   NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
 CVE-2020-28462
RESERVED
 CVE-2020-28461
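
Review bot: The [buster] line rates CVE-2020-28463 as "Minor issue" while the description says all versions of reportlab are affected, and the only reference is a Snyk page. No NOTE records why the server-side request issue is considered minor or whether an upstream fix exists. Add that rationale as a NOTE so the rating can be revisited.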



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/676b349e8e4d3ae46a1fd94260eee1a677f99039


[Git][security-tracker-team/security-tracker][master] NFU

2021-02-19 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9190ab5f by Moritz Muehlenhoff at 2021-02-19T16:10:07+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11891,6 +11891,7 @@ CVE-2021-22113
RESERVED
 CVE-2021-22112
RESERVED
+   NOT-FOR-US: Jenkins
 CVE-2021-22111
RESERVED
 CVE-2021-22110
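
Review bot: The NOT-FOR-US: Jenkins line is added to CVE-2021-22112 while the entry is still RESERVED with no description, and the commit message "NFU" gives no source for the attribution. NOT-FOR-US removes the CVE from Debian triage entirely, so the basis should be verifiable. If the advisory that prompted this concerns a component Jenkins only bundles, the component's own Debian package would still need tracking. Add the reference to the commit message.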



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9190ab5f2f9cfe729de711a31d641d8c2b2b7800


[Git][security-tracker-team/security-tracker][master] Update status for CVE-2021-3411/linux

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3f34b1c5 by Salvatore Bonaccorso at 2021-02-19T13:59:39+01:00
Update status for CVE-2021-3411/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -442,7 +442,9 @@ CVE-2013-20001 (An issue was discovered in OpenZFS through 
2.0.3. When an NFS sh
NOT-FOR-US: OpenZFS
 CVE-2021-3411
RESERVED
-   - linux 
+   - linux 5.9.15-1
+   [buster] - linux  (Vulnerable code introduced later)
+   [stretch] - linux  (Vulnerable code introduced later)
 CVE-2021-3410
RESERVED
 CVE-2021-27205 (Telegram before 7.4 (212543) Stable on macOS stores the local 
copy of  ...)
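
Review bot: The buster and stretch lines rest on "Vulnerable code introduced later" and the unprefixed line on 5.9.15-1, but no NOTE names the introducing or the fixing commit, and CVE-2021-3411 is still RESERVED with no description. Add NOTE lines with both commit references so the claim for the older kernels can be rechecked.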



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f34b1c59a7486c0959ef17d0eb3185fe1cd9c97


[Git][security-tracker-team/security-tracker][master] Add initial tracking for CVE-2021-3411/linux

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3c3a40f3 by Salvatore Bonaccorso at 2021-02-19T13:49:49+01:00
Add initial tracking for CVE-2021-3411/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -442,6 +442,7 @@ CVE-2013-20001 (An issue was discovered in OpenZFS through 
2.0.3. When an NFS sh
NOT-FOR-US: OpenZFS
 CVE-2021-3411
RESERVED
+   - linux 
 CVE-2021-3410
RESERVED
 CVE-2021-27205 (Telegram before 7.4 (212543) Stable on macOS stores the local 
copy of  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c3a40f39ee11c852035d0b35ba43e7d2fbba0ba

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c3a40f39ee11c852035d0b35ba43e7d2fbba0ba
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2021-23336 is not fixed with 1:1.10.7-2+deb9u10 in unstable

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a36c4cb2 by Salvatore Bonaccorso at 2021-02-19T13:36:12+01:00
CVE-2021-23336 is not fixed with 1:1.10.7-2+deb9u10 in unstable

- - - - -
ce51556c by Salvatore Bonaccorso at 2021-02-19T13:38:10+01:00
Track fixed version for CVE-2021-23336/python-django via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9264,7 +9264,7 @@ CVE-2021-23337 (All versions of package lodash; all 
versions of package org.fuji
- node-lodash 
NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724
 CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 
3.7.0 and be ...)
-   - python-django 1:1.10.7-2+deb9u10 (bug #983090)
+   - python-django 2:2.2.19-1 (bug #983090)
- python3.9 
- python3.8 
- python3.7 
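
Review bot: After the correction the unprefixed python-django line gives 2:2.2.19-1 as the fixed version, but the hunk shows no [buster] or [stretch] line for python-django, only the python3.x entries that follow. Record the release-specific status once triaged, so the state of the stable releases is not left to be inferred from the unstable version.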



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/880bfdd34e5712cbed9dfa228bf8229f936064b5...ce51556c3b0c25b9627011b4e9e7099cf8dcd3ad


[Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Triage python-django for stretch LTS (CVE-2021-23336).

2021-02-19 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d30572a8 by Chris Lamb at 2021-02-19T09:24:20+00:00
data/dla-needed.txt: Triage python-django for stretch LTS (CVE-2021-23336).

- - - - -
880bfdd3 by Chris Lamb at 2021-02-19T09:24:29+00:00
data/dla-needed.txt: Claim python-django.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -81,6 +81,8 @@ openvswitch (Thorsten Alteholz)
 --
 php-pear
 --
+python-django (Chris Lamb)
+--
 python-pysaml2 (Abhijith PA)
 --
 python3.5



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/69e594063e4e728f0e169c79f5fc313f9b72c37c...880bfdd34e5712cbed9dfa228bf8229f936064b5


[Git][security-tracker-team/security-tracker][master] Note that python-django is vulnerable to CVE-2021-23336 due to embedded code copy & add bug report.

2021-02-19 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69e59406 by Chris Lamb at 2021-02-19T09:21:26+00:00
Note that python-django is vulnerable to CVE-2021-23336 due to embedded code 
copy & add bug report.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9264,6 +9264,7 @@ CVE-2021-23337 (All versions of package lodash; all 
versions of package org.fuji
- node-lodash 
NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724
 CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 
3.7.0 and be ...)
+   - python-django 1:1.10.7-2+deb9u10 (bug #983090)
- python3.9 
- python3.8 
- python3.7 
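
Review bot: The version on the added line, 1:1.10.7-2+deb9u10, carries a +deb9u suffix yet sits on a line without a release prefix, so it reads as the version that fixes CVE-2021-23336 rather than as a vulnerable one, which contradicts the commit message. The unprefixed line should hold the fixed version for the development suite, or no version until a fix is uploaded, with any stretch version on its own [stretch] line.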



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69e594063e4e728f0e169c79f5fc313f9b72c37c


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2568-1 for bind9

2021-02-19 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fbf46329 by Chris Lamb at 2021-02-19T08:39:49+00:00
Reserve DLA-2568-1 for bind9

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[19 Feb 2021] DLA-2568-1 bind9 - security update
+   {CVE-2020-8625}
+   [stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u8
 [18 Feb 2021] DLA-2567-1 unrar-free - security update
{CVE-2017-14120 CVE-2017-14121 CVE-2017-14122}
[stretch] - unrar-free 1:0.0.1+cvs20140707-1+deb9u1


=
data/dla-needed.txt
=
@@ -22,8 +22,6 @@ ansible (Markus Koschany)
   20210215: As discussed with the maintainer I will update Buster first and
   20210215: after that LTS.
 --
-bind9 (Chris Lamb)
---
 ceph (Emilio)
   NOTE: 20200707: Vulnerable to at least CVE-2018-14662. (lamby)
   NOTE: 20200707: Some discussion regarding removal 
 (lamby)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbf46329368fe265b1b300a661dfe827fa2e4a6d


[Git][security-tracker-team/security-tracker][master] 2 commits: Adjust explanation for CVE-2021-27379 as the referenced URL is not accessible

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e19bee97 by Salvatore Bonaccorso at 2021-02-19T09:19:32+01:00
Adjust explanation for CVE-2021-27379 as the referenced URL is not accessible

- - - - -
79119ae0 by Salvatore Bonaccorso at 2021-02-19T09:24:28+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found 
in the @ ...)
TODO: check
 CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices 
allow injec ...)
-   TODO: check
+   NOT-FOR-US: Askey devices
 CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices 
allow cgi-b ...)
-   TODO: check
+   NOT-FOR-US: Askey devices
 CVE-2021-27402
RESERVED
 CVE-2021-27401
@@ -21,11 +21,11 @@ CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud 
Server does not prop
 CVE-2020-36248 (The ownCloud application before 2.15 for Android allows 
attackers to u ...)
TODO: check
 CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows 
CSRF. ...)
-   TODO: check
+   NOT-FOR-US: Open OnDemand
 CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain 
root privil ...)
-   TODO: check
+   NOT-FOR-US: Amaze File Manager
 CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command 
injection ...)
-   TODO: check
+   NOT-FOR-US: OpenRepeater (ORP)
 CVE-2019-25023
RESERVED
 CVE-2019-25022
@@ -80,7 +80,7 @@ CVE-2021-27380
RESERVED
 CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 
Intel HVM  ...)
- xen 
-   [stretch] - xen  (not supported; see 
https://gitlab.com/freexian-lts/debian-lts/-/commit/1b701a243a893d6cce6e59778b525407d560ab91)
+   [stretch] - xen  (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-366.html
 CVE-2021-27378 (An issue was discovered in the rand_core crate before 0.6.2 
for Rust.  ...)
- rust-rand-core 
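
Review bot: The replacement parenthetical on the [stretch] xen line holds only the advisory id "DSA 4602-1", dropping the words "not supported" that the old text stated outright. Replacing the inaccessible URL is right, but a reader now has to open the DSA to learn why stretch gets no fix for CVE-2021-27379. Keep a short reason beside the reference.
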
@@ -1459,7 +1459,7 @@ CVE-2021-26749
 CVE-2021-26748
RESERVED
 CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow 
Shell Metach ...)
-   TODO: check
+   NOT-FOR-US: Netis devices
 CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a 
main/calendar/agenda_list.php?type= U ...)
TODO: check
 CVE-2021-26745
@@ -2518,7 +2518,7 @@ CVE-2021-3341 (A path traversal vulnerability in the 
DxWebEngine component of DH
 CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of 
Wikindx be ...)
NOT-FOR-US: Wikindx
 CVE-2021-3339 (ModernFlow before 1.3.00.208 does not constrain web-page access 
to mem ...)
-   TODO: check
+   NOT-FOR-US: ModernFlow
 CVE-2021-3338
RESERVED
 CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB 
allows remo ...)
@@ -15388,9 +15388,9 @@ CVE-2020-35594
 CVE-2020-35593
RESERVED
 CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header 
to the a ...)
-   TODO: check
+   NOT-FOR-US: Pi-hole
 CVE-2020-35591 (Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The 
application d ...)
-   TODO: check
+   NOT-FOR-US: Pi-hole
 CVE-2020-35590 (LimitLoginAttempts.php in the limit-login-attempts-reloaded 
plugin bef ...)
NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress
 CVE-2020-35589 (The limit-login-attempts-reloaded plugin before 2.17.4 for 
WordPress a ...)
@@ -20011,7 +20011,7 @@ CVE-2020-29666 (In Lan ATMService M3 ATM Monitoring 
System 6.1.0, due to a direc
 CVE-2020-29665
RESERVED
 CVE-2020-29664 (A command injection issue in dji_sys in DJI Mavic 2 Remote 
Controller  ...)
-   TODO: check
+   NOT-FOR-US: DJI Mavic 2 Remote Controller firmware
 CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where 
revoked ...)
- icinga2 2.12.3-1
[buster] - icinga2  (Minor issue)
@@ -46262,7 +46262,7 @@ CVE-2020-19515
 CVE-2020-19514
RESERVED
 CVE-2020-19513 (Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 
allows atta ...)
-   TODO: check
+   NOT-FOR-US: FinalWire Ltd AIDA64 Engineer
 CVE-2020-19512
RESERVED
 CVE-2020-19511
@@ -76722,7 +76722,7 @@ CVE-2020-7851
 CVE-2020-7850
RESERVED
 CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) 
could a ...)
-   TODO: check
+   NOT-FOR-US: uPrism.io CURIX
 CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command 
Injection vulne ...)
NOT-FOR-US: EFM ipTIME C200 IP Camera
 CVE-2020-7847



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7f0ced0d4eef25729899c2fc4e6c76cef2c41bae...79119ae0eeab47f42592b899d5d70fc50b628240


[Git][security-tracker-team/security-tracker][master] automatic update

2021-02-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7f0ced0d by security tracker role at 2021-02-19T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,39 @@
+CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found 
in the @ ...)
+   TODO: check
+CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices 
allow injec ...)
+   TODO: check
+CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices 
allow cgi-b ...)
+   TODO: check
+CVE-2021-27402
+   RESERVED
+CVE-2021-27401
+   RESERVED
+CVE-2021-27400
+   RESERVED
+CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has 
one out ...)
+   TODO: check
+CVE-2020-36251 (ownCloud Server before 10.3.0 allows an attacker, who has 
received non ...)
+   TODO: check
+CVE-2020-36250 (In the ownCloud application before 2.15 for Android, the lock 
protecti ...)
+   TODO: check
+CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud Server does not 
properly e ...)
+   TODO: check
+CVE-2020-36248 (The ownCloud application before 2.15 for Android allows 
attackers to u ...)
+   TODO: check
+CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows 
CSRF. ...)
+   TODO: check
+CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain 
root privil ...)
+   TODO: check
+CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command 
injection ...)
+   TODO: check
+CVE-2019-25023
+   RESERVED
+CVE-2019-25022
+   RESERVED
+CVE-2019-25021
+   RESERVED
+CVE-2019-25020
+   RESERVED
 CVE-2021-3413
RESERVED
 CVE-2021-3412
@@ -53,7 +89,7 @@ CVE-2021-27377 (An issue was discovered in the yottadb crate 
before 1.2.0 for Ru
NOT-FOR-US: Rust crate yottadb
 CVE-2021-27376 (An issue was discovered in the nb-connect crate before 1.0.3 
for Rust. ...)
NOT-FOR-US: Rust crate nb-connect
-CVE-2021-27375 (Traefik 2.4.3 allows the loading of IFRAME elements from other 
domains ...)
+CVE-2021-27375 (Traefik before 2.4.5 allows the loading of IFRAME elements 
from other  ...)
NOT-FOR-US: Traefik
 CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 
before p ...)
NOT-FOR-US: VertiGIS WebOffice
@@ -1067,8 +1103,8 @@ CVE-2021-26908
RESERVED
 CVE-2021-26907
RESERVED
-CVE-2021-26906
-   RESERVED
+CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium 
Asterisk thro ...)
+   TODO: check
 CVE-2021-3402
RESERVED
 CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of 
authentica ...)
@@ -1422,10 +1458,10 @@ CVE-2021-26749
RESERVED
 CVE-2021-26748
RESERVED
-CVE-2021-26747
-   RESERVED
-CVE-2021-26746
-   RESERVED
+CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow 
Shell Metach ...)
+   TODO: check
+CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a 
main/calendar/agenda_list.php?type= U ...)
+   TODO: check
 CVE-2021-26745
RESERVED
 CVE-2021-26744
@@ -1486,8 +1522,8 @@ CVE-2021-26719 (A directory traversal issue was 
discovered in Gradle gradle-ente
NOT-FOR-US: gradle-enterprise-test-distribution-agent
 CVE-2021-26718
RESERVED
-CVE-2021-26717
-   RESERVED
+CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 
16.16.1, 17.x  ...)
+   TODO: check
 CVE-2021-26716
RESERVED
 CVE-2021-26715
@@ -1496,8 +1532,8 @@ CVE-2021-26714
RESERVED
 CVE-2021-26713
RESERVED
-CVE-2021-26712
-   RESERVED
+CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 
13.38.1, 1 ...)
+   TODO: check
 CVE-2021-26711 (A frame-injection issue in the online help in Redwood 
Report2Web 4.3.4 ...)
NOT-FOR-US: Redwood Report2Web
 CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in 
Redwood Repor ...)
@@ -2481,8 +2517,8 @@ CVE-2021-3341 (A path traversal vulnerability in the 
DxWebEngine component of DH
NOT-FOR-US: DH2i DxEnterprise and DxOdyssey for Windows
 CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of 
Wikindx be ...)
NOT-FOR-US: Wikindx
-CVE-2021-3339
-   RESERVED
+CVE-2021-3339 (ModernFlow before 1.3.00.208 does not constrain web-page access 
to mem ...)
+   TODO: check
 CVE-2021-3338
RESERVED
 CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB 
allows remo ...)
@@ -14100,8 +14136,8 @@ CVE-2020-35778 (Certain NETGEAR devices are affected by 
CSRF. This affects GS716
NOT-FOR-US: Netgear
 CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by 
command inj ...)
NOT-FOR-US: Netgear
-CVE-2020-35776
-   RESERVED

[Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Triage bind9 for stretch LTS (CVE-2020-8625).

2021-02-19 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c4c62e1 by Chris Lamb at 2021-02-19T08:00:28+00:00
data/dla-needed.txt: Triage bind9 for stretch LTS (CVE-2020-8625).

- - - - -
c392f556 by Chris Lamb at 2021-02-19T08:00:36+00:00
data/dla-needed.txt: Claim bind9.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -22,6 +22,8 @@ ansible (Markus Koschany)
   20210215: As discussed with the maintainer I will update Buster first and
   20210215: after that LTS.
 --
+bind9 (Chris Lamb)
+--
 ceph (Emilio)
   NOTE: 20200707: Vulnerable to at least CVE-2018-14662. (lamby)
   NOTE: 20200707: Some discussion regarding removal 
 (lamby)
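
Review bot: The added bind9 entry has no NOTE naming CVE-2020-8625. The CVE appears only in the commit message, so anyone reading dla-needed.txt cannot tell which issue triggered the triage. A one-line dated NOTE with the CVE id would match the NOTE lines on the neighbouring ceph entry.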



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b16242c79d4dcc9e3291fcdf90731f5f3f80e3df...c392f556fb586f43e72c88a3447eda44cc3d4ca2
